Merge branch 'dev' of https://github.com/acmesh-official/acme.sh into dev
commit
97f3fb4496
2
.github/workflows/DNS.yml
vendored
2
.github/workflows/DNS.yml
vendored
@ -94,7 +94,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: Install tools
|
- name: Install tools
|
||||||
run: brew update && brew install socat;
|
run: brew install socat
|
||||||
- name: Clone acmetest
|
- name: Clone acmetest
|
||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
- name: Run acmetest
|
- name: Run acmetest
|
||||||
|
2
.github/workflows/dockerhub.yml
vendored
2
.github/workflows/dockerhub.yml
vendored
@ -63,4 +63,4 @@ jobs:
|
|||||||
--tag ${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG} \
|
--tag ${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG} \
|
||||||
--output "type=image,push=true" \
|
--output "type=image,push=true" \
|
||||||
--build-arg AUTO_UPGRADE=${AUTO_UPGRADE} \
|
--build-arg AUTO_UPGRADE=${AUTO_UPGRADE} \
|
||||||
--platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386 .
|
--platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386,linux/ppc64le,linux/s390x .
|
||||||
|
@ -7,6 +7,7 @@ RUN apk update -f \
|
|||||||
coreutils \
|
coreutils \
|
||||||
bind-tools \
|
bind-tools \
|
||||||
curl \
|
curl \
|
||||||
|
sed \
|
||||||
socat \
|
socat \
|
||||||
tzdata \
|
tzdata \
|
||||||
oath-toolkit-oathtool \
|
oath-toolkit-oathtool \
|
||||||
|
@ -64,9 +64,9 @@ fritzbox_deploy() {
|
|||||||
_info "Log in to the FRITZ!Box"
|
_info "Log in to the FRITZ!Box"
|
||||||
_fritzbox_challenge="$(_get "${_fritzbox_url}/login_sid.lua" | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//')"
|
_fritzbox_challenge="$(_get "${_fritzbox_url}/login_sid.lua" | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//')"
|
||||||
if _exists iconv; then
|
if _exists iconv; then
|
||||||
_fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | iconv -f ASCII -t UTF16LE | md5sum | awk '{print $1}')"
|
_fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | iconv -f ASCII -t UTF16LE | _digest md5 hex)"
|
||||||
else
|
else
|
||||||
_fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' | md5sum | awk '{print $1}')"
|
_fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' | _digest md5 hex)"
|
||||||
fi
|
fi
|
||||||
_fritzbox_sid="$(_get "${_fritzbox_url}/login_sid.lua?sid=0000000000000000&username=${_fritzbox_username}&response=${_fritzbox_challenge}-${_fritzbox_hash}" | sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//')"
|
_fritzbox_sid="$(_get "${_fritzbox_url}/login_sid.lua?sid=0000000000000000&username=${_fritzbox_username}&response=${_fritzbox_challenge}-${_fritzbox_hash}" | sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//')"
|
||||||
|
|
||||||
|
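Review bot: The value taken from `<Challenge>` goes straight into the hash and the login URL without any check that the `_get` to login_sid.lua succeeded or that the element was present; when the pattern does not match, sed passes the body through unchanged and the response is built from that. A guard before the hash, such as `[ -n "${_fritzbox_challenge}" ] || { _err "no challenge received"; return 1; }`, and the same test on `_fritzbox_hash` afterwards in case `_digest` produces nothing, would stop the login attempt early. `${_fritzbox_username}` is also placed in the query string unencoded. Because the response is an MD5 over challenge and password, `_fritzbox_url` should be https where the device allows it. fritzbox_deploy begins and ends outside this hunk.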
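--- a/deploy/vault.sh
+++ b/deploy/vault.sh
@@ -0,0 +1,67 @@
+#!/usr/bin/env sh
+
+# Here is a script to deploy cert to hashicorp vault using curl
+# (https://www.vaultproject.io/)
+#
+# it requires following environment variables:
+#
+# VAULT_PREFIX - this contains the prefix path in vault
+# VAULT_ADDR - vault requires this to find your vault server
+#
+# additionally, you need to ensure that VAULT_TOKEN is avialable
+# to access the vault server
+
+#returns 0 means success, otherwise error.
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+vault_deploy() {
+
+_cdomain="$1"
+_ckey="$2"
+_ccert="$3"
+_cca="$4"
+_cfullchain="$5"
+
+_debug _cdomain "$_cdomain"
+_debug _ckey "$_ckey"
+_debug _ccert "$_ccert"
+_debug _cca "$_cca"
+_debug _cfullchain "$_cfullchain"
+
+# validate required env vars
+_getdeployconf VAULT_PREFIX
+if [ -z "$VAULT_PREFIX" ]; then
+_err "VAULT_PREFIX needs to be defined (contains prefix path in vault)"
+return 1
+fi
+_savedeployconf VAULT_PREFIX "$VAULT_PREFIX"
+
+_getdeployconf VAULT_ADDR
+if [ -z "$VAULT_ADDR" ]; then
+_err "VAULT_ADDR needs to be defined (contains vault connection address)"
+return 1
+fi
+_savedeployconf VAULT_ADDR "$VAULT_ADDR"
+
+# JSON does not allow multiline strings.
+# So replacing new-lines with "\n" here
+_ckey=$(sed -z 's/\n/\\n/g' <"$2")
+_ccert=$(sed -z 's/\n/\\n/g' <"$3")
+_cca=$(sed -z 's/\n/\\n/g' <"$4")
+_cfullchain=$(sed -z 's/\n/\\n/g' <"$5")
+
+URL="$VAULT_ADDR/v1/$VAULT_PREFIX/$_cdomain"
+export _H1="X-Vault-Token: $VAULT_TOKEN"
+
+if [ -n "$FABIO" ]; then
+_post "{\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"}" "$URL"
+else
+_post "{\"value\": \"$_ccert\"}" "$URL/cert.pem"
+_post "{\"value\": \"$_ckey\"}" "$URL/cert.key"
+_post "{\"value\": \"$_cca\"}" "$URL/chain.pem"
+_post "{\"value\": \"$_cfullchain\"}" "$URL/fullchain.pem"
+fi
+
+}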
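Review bot: None of the `_post` calls in vault_deploy is checked, so in the non-FABIO branch a failed write of cert.pem, cert.key or chain.pem is masked by the status of the last call and the deploy is reported as successful. VAULT_TOKEN is also never validated although the header comment says it is required, so an empty value goes out as a blank `X-Vault-Token` header. The fence adds both checks; `|| return 1` catches whatever failure `_post` reports, and whether that includes an HTTP error status from Vault depends on `_post`, which is not shown here. `sed -z` is not in POSIX sed, and if it fails on another implementation the variables are empty and empty values are posted, so a non-empty check on `_ckey` and `_cfullchain` after the conversion is worth adding too. Since the private key and the token are sent to `$VAULT_ADDR`, consider rejecting an address that is not https.

```shell
  # … unchanged: argument capture, VAULT_PREFIX and VAULT_ADDR validation …
  if [ -z "$VAULT_TOKEN" ]; then
    _err "VAULT_TOKEN needs to be defined (token used to access the vault server)"
    return 1
  fi
  # … unchanged: newline escaping, URL and _H1 setup …
  if [ -n "$FABIO" ]; then
    _post "{\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"}" "$URL" || return 1
  else
    _post "{\"value\": \"$_ccert\"}" "$URL/cert.pem" || return 1
    _post "{\"value\": \"$_ckey\"}" "$URL/cert.key" || return 1
    _post "{\"value\": \"$_cca\"}" "$URL/chain.pem" || return 1
    _post "{\"value\": \"$_cfullchain\"}" "$URL/fullchain.pem" || return 1
  fi
```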
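--- a/dnsapi/dns_anx.sh
+++ b/dnsapi/dns_anx.sh
@@ -0,0 +1,150 @@
+#!/usr/bin/env sh
+
+# Anexia CloudDNS acme.sh hook
+# Author: MA
+
+#ANX_Token="xxxx"
+
+ANX_API='https://engine.anexia-it.com/api/clouddns/v1'
+
+######## Public functions #####################
+
+dns_anx_add() {
+fulldomain=$1
+txtvalue=$2
+
+_info "Using ANX CDNS API"
+
+ANX_Token="${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}"
+_debug fulldomain "$fulldomain"
+_debug txtvalue "$txtvalue"
+
+if [ "$ANX_Token" ]; then
+_saveaccountconf_mutable ANX_Token "$ANX_Token"
+else
+_err "You didn't specify a ANEXIA Engine API token."
+return 1
+fi
+
+_debug "First detect the root zone"
+if ! _get_root "$fulldomain"; then
+_err "invalid domain"
+return 1
+fi
+
+# Always add records, wildcard need two records with the same name
+_anx_rest POST "zone.json/${_domain}/records" "{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"rdata\":\"$txtvalue\"}"
+if _contains "$response" "$txtvalue"; then
+return 0
+else
+return 1
+fi
+}
+
+dns_anx_rm() {
+fulldomain=$1
+txtvalue=$2
+
+_info "Using ANX CDNS API"
+
+ANX_Token="${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}"
+
+_debug fulldomain "$fulldomain"
+_debug txtvalue "$txtvalue"
+
+_debug "First detect the root zone"
+if ! _get_root "$fulldomain"; then
+_err "invalid domain"
+return 1
+fi
+
+_get_record_id
+
+if _is_uuid "$_record_id"; then
+if ! _anx_rest DELETE "zone.json/${_domain}/records/$_record_id"; then
+_err "Delete record"
+return 1
+fi
+else
+_info "No record found."
+fi
+echo "$response" | tr -d " " | grep \"status\":\"OK\" >/dev/null
+}
+
+#################### Private functions below ##################################
+
+_is_uuid() {
+pattern='^\{?[A-Z0-9a-z]{8}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{12}\}?$'
+if echo "$1" | _egrep_o "$pattern" >/dev/null; then
+return 0
+fi
+return 1
+}
+
+_get_record_id() {
+_debug subdomain "$_sub_domain"
+_debug domain "$_domain"
+
+if _anx_rest GET "zone.json/${_domain}/records?name=$_sub_domain&type=TXT"; then
+_debug response "$response"
+if _contains "$response" "\"name\":\"$_sub_domain\"" >/dev/null; then
+_record_id=$(printf "%s\n" "$response" | _egrep_o "\[.\"identifier\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \")
+else
+_record_id=''
+fi
+else
+_err "Search existing record"
+fi
+}
+
+_anx_rest() {
+m=$1
+ep="$2"
+data="$3"
+_debug "$ep"
+
+export _H1="Content-Type: application/json"
+export _H2="Authorization: Token $ANX_Token"
+
+if [ "$m" != "GET" ]; then
+_debug data "$data"
+response="$(_post "$data" "${ANX_API}/$ep" "" "$m")"
+else
+response="$(_get "${ANX_API}/$ep")"
+fi
+
+# shellcheck disable=SC2181
+if [ "$?" != "0" ]; then
+_err "error $ep"
+return 1
+fi
+_debug response "$response"
+return 0
+}
+
+_get_root() {
+domain=$1
+i=1
+p=1
+
+_anx_rest GET "zone.json"
+
+while true; do
+h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+_debug h "$h"
+if [ -z "$h" ]; then
+#not valid
+return 1
+fi
+
+if _contains "$response" "\"name\":\"$h\""; then
+_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+_domain=$h
+return 0
+fi
+
+p=$i
+i=$(_math "$i" + 1)
+done
+return 1
+}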
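Review bot: `_get_record_id` takes the first `identifier` in the TXT listing for `$_sub_domain` (`head -n 1`) and never looks at `$txtvalue`, so `dns_anx_rm` can delete a different TXT record than the one this run created; the comment in `dns_anx_add` itself says a wildcard order needs two records with the same name. The lookup should select the identifier of the record whose `rdata` equals `$txtvalue`, and skip the delete when none matches. When no record is found, `dns_anx_rm` still ends on the `grep` for `"status":"OK"` against the response of the earlier GET, so its return status there says nothing about a delete; an explicit `return 0` in the `else` branch would make that case clear. `dns_anx_rm` also proceeds without the empty-token check that `dns_anx_add` has, and `_get_root` ignores the result of `_anx_rest GET "zone.json"` before matching zone names against `$response`.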